Blog

Microsoft gives Linux a security boost with these new attack detection tools

Microsoft gives Linux a security boost with these new attack detection tools

Tags:

Linux endpoint detection and response will help Microsoft Defender customers secure Linux servers and networks against security nasties.

microsoft-linux-edr.jpg

EDR for Linux is now available in public preview.

Image: Microsoft

More about Open Source

Endpoint detection and response (EDR) capabilities for Microsoft Defender for Endpoint on Linux are now available in public preview.

Linux EDR will help Defender for Endpoint customers better protect Linux servers and networks and quickly take action against threats, Microsoft said.

SEE: Linux service control commands (TechRepublic Premium)

Microsoft Defender for Endpoint on Linux supports recent versions of the six most common Linux server distributions supported by Microsoft, which includes RHEL 7.2+, CentOS Linux 7.2+, Ubuntu 16 LTS or higher, SLES 12+, Debian 9+ and Oracle Linux 7.2.

Customers will need to enable preview features in Microsoft Defender Security Center if they want to try out the new Defender for Endpoint preview features, and will also need to be running version 101.12.99 or higher.

Microsoft has published more detailed steps for getting started on its Tech Community blog.

Microsoft announced Defender for Endpoint for Linux – then known as Defender Advanced Threat Protection – back in November 2019 and made it generally available seven months later in June 2020.

The new endpoint detection and response capabilities build on the preventative antivirus capabilities and reporting tools already available through the Microsoft Defender Security Centre.

SEE: Top Windows 10 run commands (free PDF) (TechRepublic)

Specifically, the new Defender for Endpoint EDR capabilities include:

  • Rich investigation experience, including machine timeline, process creation, file creation, network connections, login events and advanced hunting.
  • Enhanced CPU utilization in compilation procedures and large software deployments.
  • In-context AV detections, providing insight into where a threat came from and how the malicious process or activity was created.

Microsoft said: “With the new Linux EDR capabilities, Defender for Endpoint customers will have the ability to detect advanced attacks that involve Linux servers, utilize rich experiences, and quickly remediate threats.”

Also see

Source of Article